I am running Squid 2.5 STABLE3 on a RedHat 7.3 machine w/ a 400Mhz AMD K6-2, 128MB of RAM, and a 15.7GB HD. That said I believe I can move on and address some of the questions I have.
1) I would like to change the error messages to show the actual time and not the GMT time but I cannot find how to do this. Under the faq it says that the signature uses by default the %T for the timestamp but I need to use %t to change to local time. I guess I am not sure which file to change because I cannot find where I need to change the %T. I went to edit the file ERR_ACCESS_DENIED but did not find any %T to replace. Where is the file I need to edit or can I add the %t somewhere under the squid.conf file? 2) I work for a trucking dealership and we have 5 stores. I am currently testing/using Squid with only to computers just to see what I can do with it. Initially all I wanted to do with Squid was block deny all access to the Internet and only allow access to certain work related websites and ips addresses using dstdomain and dst. I tried that and it worked great. My rules are as follows: Acl all src 0.0.0.0/0.0.0.0 ... Acl urls dstdomain (domain names here) Acl ips dst (IP addresses here) http_access allow all urls http_access allow all ips http_access deny !Safe_ports http_access deny CONNECT !SSL_ports http_access allow localhost http_access deny all Then I realized that the above configuration was working perfect but I didn't want to cache the information for two reasons: A. I am not sure how much my little server can process even though I setup a cache size of 975MB I really don't need to cache the data all I wanna do is block using proxy. B. I am afraid that if I cache the data some websites won't show updates pages. So now I have decided I want to use the rules above but I don't want to cache, do I need to add the following entries? No_cache deny urls No_cache deny ips If the above is correct where do I add those two entries? 3) Then I decided that I can use proxy not only to block access to all sites and allow a few but also create a rule that would allow free browsing and block only porn websites using the files found at http://members.lycos.co.uk/njadmin/. So I downloaded both porn and porn1 and setup the following: acl porn url_regex "/etc/squid/porn" acl porn1 url_regex "/etc/squid/porn1" The above was setup right after the ACL called "ips." Now I have to use the porn and porn1 ACLs for all clients (meaning 0.0.0.0/0.0.0.0 but I am already using urls and ips for all clients so now I have to creating a separation between the two. So I decide that since only a few clients will be blocked from everything and then allowed only work related sites I would create special ACLs just for those clients. So say that I have two computers that I want to use with urls and ips then I would do the following (please correct me if I am wrong): Acl pc1 src 10.16.103.203/255.255.255.255 Acl pc2 src 10.16.103.204/255.255.255.255 And then I would do: Http_access allow pc1 urls Http_access allow pc1 ips Http_access allow pc2 urls Http_access allow pc2 ips No_cache deny urls No_cache deny ips Http_access deny pc1 Http_access deny pc2 I guess I am not sure if the above is right but it seems to me that it is. 4) So now that I have the rules for pc1 and pc2 for urls and ips I want to make sure I can use rules porn and porn1 for all computers. So now I am not sure what the order of all this is supposed to be and also if my little 400Mhz w/ 128MB of RAM can handle all requests from about 80 clients (again I don't wanna cache anything). So now I need to do the following: Acl all src 0.0.0.0/0.0.0.0 acl porn url_regex "/etc/squid/porn" acl porn1 url_regex "/etc/squid/porn1" No_cache deny all Allow all !porn !porn1 (to allow access to all sites except those listed under porn and porn1 5) Now I want to have everything together and again I am not sure what the order is so I will put down the order that I think would work and then somebody can tell me if I was right or not. acl all src 0.0.0.0/0.0.0.0 acl pc1 src 10.16.103.203/255.255.255.255 acl pc2 src 10.16.103.204/255.255.255.255 ... acl urls dstdomain .test.com .hey.com .thanks.com acl ips dst 11.25.565.190/255.255.255.255 acl porn url_regex "/etc/squid/porn" acl porn1 url_regex "/etc/squid/porn1" http_access allow pc1 pc2 urls http_access allow pc1 pc2 ips http_access deny !Safe_ports http_access deny CONNECT !SSL_ports http_access allow localhost no_cache deny urls no_cache deny ips http_access deny pc1 http_access deny pc2 http_access allow al 6) Is the above the right order? Yes, no, maybe. I am not sure. Also, I hope you understand what I am trying to accomplish. Any questions please post a reply. Thanks so much in advance for any helps that I receive with this. Santiago.
